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DETAILED ACTION 
Response to Arguments 

Applicant's arguments witli respect to Claims 25, 33, 39 and 44 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Objections 

Claim 25 is objected to because of the following informalities: Claim 25 recites 
"at least one authentication mode than can be supported" and the limitation should read 
"at least one authentication mode that can be supported". Appropriate correction is 
required. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form 
the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was deschbed in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the Invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed In the United States before the invention by the 
applicant for patent, except that an International application filed under the treaty defined In section 
351(a) shall have the effects for purposes of this subsection of an application filed In the United States 
only if the International application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claim 25 - 27, 30, 31, 33 - 36 and 39 - 47 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Barriga-Caceres et al. (U.S. 2003/0163733 A1). 

With respect to Claim 25, Barriga-Caceres et al. teaches a method comprising: 
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• transmitting a subscriber station basic capability negotiation request (SBC- 
REQ) message to the base station, tine SBC-REQ message including 
information on at least one authentication mode than can be supported by 
the subscriber station (Fig. 5B, step C-503 and Paragraph [0101]; Step 
C-503 transmits the authentication mode selected by user, among 
different authentication mechanisms available for the user.); 

• receiving a subscriber station basic capability negotiation response (SBC- 
RSP) message including information on an authentication mode that is 
selected by the base station among the at least one authentication mode 
(Fig. 5B, step C-504 and Paragraph [0101]; As the user chooses to 
authenticate via the SIM card, as shown as an example in Paragraph 
[0101], the base station then invokes the chosen authentication by 
inquiring the related credentials with step C-504. Further, as the user 
provides information regarding only one authentication mode, the 
base station picks that only one authentication mode to proceed.); 
and 

• transmitting an authentication request message corresponding to the 
selected authentication mode to the base station (Fig. 5B, step C-505 
and Paragraph [0101]). 

With respect to Claim 26, Barriga-Caceres et al. further teaches wherein each of 
the SBC-REQ message and the SBC-RSP message includes a parameter for selecting 
the authentication mode (Paragraph [0101]; IMSI is the parameter). 
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With respect to Claim 27, Barriga-Caceres et al. furtlier teaclies wlierein tine 
selected authentication mode includes at least one of a digital certificate based 
authentication mode and an extensible authentication protocol (EAP) based 
authentication mode (Paragraph [0101]; "Provided that a SIM-based authentication 
had been selected, the IMSI is used as applicable identity and is encapsulated in 
an Attribute Value Pair (AVP) of an Extensible Authentication Protocol (EAP) and 
in the User-Name AVP"). 

With respect to Claim 30, Barriga-Caceres et al. further teaches wherein, when 
the selected authentication mode is an EAP-based authentication mode, the 
authentication request message is a message for requesting the authentication by an 
authentication, authorization, and accounting (AAA) server, wherein the AAA server is 
connected to the base station and performs the authentication (Fig. 5B, AAA 44 and 
Paragraph [0101]). 

With respect to Claim 31, Barriga-Caceres et al. further teaches wherein, when 
the selected authentication mode is an EAP-based authentication mode, the 
authentication request message includes an EAP payload, wherein the EAP payload 
includes data for the authentication (Paragraphs [0101] and [0102]). 

With respect to Claim 33, Barriga-Caceres et al. teaches a method comprising: 
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• receiving a subscriber station basic capability negotiation request (SBC- 
REQ) message from tine subscriber station mode, the SBC-REQ message 
including information on at least one authentication mode that can be 
supported by the subscriber station (Fig. 5B, step C-503 and Paragraph 
[01011; Step C-503 transmits the authentication mode selected by 
user, among different authentication mechanisms available for the 
user.); 

• selecting an authentication mode from among the at least one 
authentication mode (Fig. 5B, step C-504 and Paragraph [0101]; As the 
user chooses to authenticate via the SIIVI card, as shown as an 
example in Paragraph [0101], the base station then involves the 
chosen authentication by inquiring the related credentials with step 
C-504. Further, as the user provides information regarding only one 
authentication mode, the base station picks that only one 
authentication mode to proceed.); 

• transmitting a first response message to the subscriber station, the first 
response message including information on the selected authentication 
mode (Fig. 5B, step C-504 and Paragraph [0101]); 

• receiving an authentication request message corresponding to the 
selected authentication mode from the subscriber station (Fig. 58, step C- 
505 and Paragraph [0101]); and 
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• transmitting a second response message to the subscriber station, the 
second response message representing a result of the authentication 
performed in accordance with the authentication request message (Fig. 
5B, step C-513, Fig. 5C, steps C-25 or C-29). 

With respect to Claim 34, Barriga-Caceres et al. further teaches wherein the 
authentication mode includes at least one of a digital certificate based authentication 
mode and an extensible authentication protocol (EAP) based authentication mode 
(Paragraph [0101]; "Provided that a SIM-based authentication had been selected, 
the IIVISI is used as applicable identity and is encapsulated in an Attribute Value 
Pair (AVP) of an Extensible Authentication Protocol (EAP) and in the User-Name 
AVP"). 

With respect to Claim 35, Barriga-Caceres et al. further teaches wherein, when 
the selected authentication mode is an EAP-based authentication mode, the receiving 
of the authentication request message comprises requesting an authentication, 
authorization, and accounting (AAA) server to perform an authentication through an 
standardized authentication protocol of an upper layer (Fig. 5B, AAA 44 and 
Paragraph [0101]). 

With respect to Claim 36, Barriga-Caceres et al. further teaches wherein, when 
the selected authentication mode is an EAP-based authentication mode, the second 
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response message includes an EAP payload, wherein tlie EAR payload includes data 
for the authentication (Paragraphs [0101] and [0102]). 



With respect to Claim 39, Barriga-Caceres et al. teaches an apparatus 
comprising: 

• message parser configured to receive a first message from the subscriber 
station, the first message including information on at least one 
authentication mode that can be supported by the subscriber station (Fig. 
5B, step C-503 and Paragraph [0101]; Step C-503 transmits the 
authentication mode selected by user, among different 
authentication mechanisms available for the user.); 

• an authentication controller configured to select an authentication mode 
that can be performed by the base station among the at least one 
authentication mode, and for transmitting a second message including 
information on the selected authentication mode to the subscriber station 
(Fig. 58, step C-504 and Paragraph [0101]; As the user chooses to 
authenticate via the SIM card, as shown as an example in Paragraph 
[0101], the base station then invokes the chosen authentication by 
inquiring the related credentials with step C-504. Further, as the user 
provides information regarding only one authentication mode, the 
base station picks that only one authentication mode to proceed.); 
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• wherein tine message parser is furtlier configured to receive an 
authentication request from the subscriber station by receiving a privacy 
key management request (PKM-REQ) message having a message type 
according to the selected authentication mode (Fig. 5B, step C-505 and 
Paragraph [0101]); and 

• wherein the authentication reply message generator is further configured 
to transmit a privacy key management response (PKM-RSP) message 
having a message type according to the selected authentication mode to 
the subscriber station in response to the authentication request (Fig. 5B, 
step C-513, Fig. 5C, steps C-25 or C-29). 

With respect to Claim 40, Barriga-Caceres et al. further teaches wherein, when 
the selected authentication mode is an extensible authentication protocol (EAP) based 
authentication mode, the message type of each of the PKM-REQ message and the 
PKM-RSP message is an EAP transfer including an EAP payload, wherein the EAP 
payload includes data for the authentication (Paragraphs [0101] and [0102]). 

With respect to Claim 41 , Barriga-Caceres et al. teaches a method comprising: 

• receiving a subscriber station basic capability negotiation request (SBC- 
REQ) message from the subscriber station, the SBC-REQ message 
including a parameter representing at least one authentication mode that 
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can be supported by the subscriber station (Fig. 5B, step C-503 and 
Paragraph [0101]; IMSI is the parameter); 

• selecting an authentication mode that can be performed by the base 
station among the at least one authentication mode (Fig. 5B, step C-504 
and Paragraph [0101]); and 

• transmitting a subscriber station basic capability negotiation response 
(SBC-RSP) message to the subscriber station, the SBC-RSP including a 
parameter representing the selected authentication mode (Fig. 5B, step 
C-504 and Paragraph [0101]). 

With respect to Claim 42, Barriga-Caceres et al. teaches further comprising: 

• receiving a privacy key management request (PKM-REQ) message 
having a message type according to the selected authentication mode 
(Fig. 5B, step C-505 and Paragraph [0101]); and 

• transmitting a privacy key management response (PKM-RSP) message 
having a message type according to the selected authentication mode to 
the subscriber station in response to the PKM-REQ message (Fig. 5B, 
step C-513, Fig. 5C, steps C-25 or C-29). 

With respect to Claim 43, Barriga-Caceres et al. further teaches wherein, when 
the selected authentication mode is an extensible authentication protocol (EAP) based 
authentication mode, the message type of each of the PKM-REQ message and the 
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PKM-RSP message is an EAP transfer including an EAP payload, wherein tlie EAP 
payload includes data for the authentication (Paragraphs [0101] and [0102]). 



With respect to Claim 44, Barriga-Caceres et al. teaches a method comprising: 

• setting an extensible authentication protocol (EAP) based authentication 
mode as an authentication mode by negotiating with the subscriber 
station, wherein the EAP based authentication mode is selected by the 
base station from among at least one authentication mode that can be 
supported by the subscriber station (Fig. 5B, steps C-503, C-504 and 
Paragraph [0101]; Step C-503 transmits the authentication mode 
selected by user, among different authentication mechanisms 
available for the user. As the user chooses to authenticate via the 
SIM card, as shown as an example in Paragraph [0101], the base 
station then invokes the chosen authentication by inquiring the 
related credentials with step C-504. Further, as the user provides 
information regarding only one authentication mode, the base 
station picks that only one authentication mode to proceed.); 

• receiving an authentication request by receiving a privacy key 
management request (PKM-REQ) message from the subscriber station, 
the PKM-REQ message having a message type according to the EAP- 
based authentication mode (Fig. 5B, step C-505 and Paragraph [0101]); 
and 
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• transmitting a privacy l^ey management response (PK_M-RSP) message 
to the subscriber station in response to tine autlientication request, the 
PKM-RSP message having a message type according to the EAP based 
authentication mode (Fig. 5B, step C-513, Fig. 5C, steps C-25 or C-29). 



With respect to Claim 45, Barriga-Caceres et al. further teaches wherein the 
message type of each of the PKM-REQ message and the PKM-RSP message is an 
EAP transfer including an EAP payload, and the EAP payload includes data for the 
authentication (Paragraphs [0101] and [0102]). 



With respect to Claim 46, Barriga-Caceres et al. teaches an apparatus 
comprising: 

• an authentication request message generator configured to transmit a first 
message to the base station, the first message including information on at 
least one authentication mode that can be supported by the subscriber 
station (Fig. 5B, step C-503 and Paragraph [0101]; Step C-503 
transmits the authentication mode selected by user, among different 
authentication mechanisms available for the user.); and 

• an authentication reply message parser configured to receive a second 
message from the base station, the second message including information 
on an authentication mode selected by the base station among the at least 
one authentication mode (Fig. 5B, step C-504 and Paragraph [0101]; As 
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the user chooses to authenticate via the SlIVI card, as shown as an 
example in Paragraph [0101], the base station then involves the 
chosen authentication by inquiring the related credentials with step 
C-504. Further, as the user provides information regarding only one 
authentication mode, the base station picks that only one 
authentication mode to proceed.); 

• wherein tine autlientication request message generator is furtlier 
configured to receive an autlientication by transmitting a privacy l<ey 
management request (PKM-REQ) message to the base station, the PKIVI- 
REQ message having a message type according to the selected 
authentication mode (Fig. 5B, step C-505 and Paragraph [0101]); and 

• wherein the authentication reply message parser is further configured to 
receive a privacy key management response (PKM-RSP) message having 
a message type according to the selected authentication mode from the 
base station in response to the authentication request (Fig. 5B, step C- 
513, Fig. 5C, steps C-25 or C-29). 



With respect to Claim 47, Barriga-Caceres et al. further teaches wherein, when 
the selected authentication mode is an extensible authentication protocol (EAP) based 
authentication mode, the message type of each of the PKM-REQ message and the 
PKM-RSP message is an EAP transfer including an EAP payload, and wherein the EAP 
payload includes data for the authentication (Paragraphs [0101] and [0102]). 
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Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the phor art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 28, 29, 32, 37 and 38 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Barriga-Caceres et al. (U.S. 2003/0163733 A1) as applied to Claims 
25 and 33 above, and further in view of Aura (U.S. 7,272,381 B2). 

With respect to Claim 28, Barriga-Caceres et al. teaches all of the limitations in 
Claim 25 as discussed above. Barriga-Caceres et al. further teaches the authentication 
request message is a message for requesting the authentication by the base station 
(Fig. SB, step C-505 and Paragraph [0101]). 

Barriga-Caceres et al. does not explicitly teach " when the selected authentication 
mode is a digital certificate based authentication mode , the authentication request 
message Is a message for requesting the authentication by the base station." 

Aura teaches the use of various global identifiers, including home IP, MAC 
address or GSM IMS!, to identify misuse of the mobile access network and to function 
as a trust parameter for secure transmission (Col. 13, lines 38 - 67). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to modify the method in Barriga-Caceres et al. to include digital 
identifiers, as taught by Aura, to secure the transmission between two nodes. 
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With respect to Claim 29, Barriga-Caceres et al. teaclies all of the limitations in 
Claim 25 as discussed above. Barriga-Caceres et al. further teaches the authentication 
request message includes an authentication information message and an authorization 
request message (Fig. 58, step C-505 and Paragraph [0101]). 

Barriga-Caceres et al. does not explicitly teach " when the selected authentication 
mode is a digital certificate based authentication mode , the authentication request 
message includes an authentication information message and an authorization request 
message." 

Aura teaches the use of various global identifiers, including home IP, MAC 
address or GSM IMS!, to identify misuse of the mobile access network and to function 
as a trust parameter for secure transmission (Col. 13, lines 38 - 67). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to modify the method in Barriga-Caceres et al. to include digital 
identifiers, as taught by Aura, to secure the transmission between two nodes. 

With respect to Claim 32, Barriga-Caceres et al. teaches all of the limitations in 
Claim 25 as discussed above. Barriga-Caceres et al. further teaches wherein the 
authentication request message is a privacy key management request (PKM-REQ) 
message (Fig. SB, step C-505 and Paragraph [0101]). 



Application/Control Number: 1 0/578,1 1 3 Page 1 5 

Art Unit: 2617 

Barriga-Caceres et al. does not explicitly teach "wherein the authentication 
request message is a privacy key management request (PKM-REQ) message included 
in a medium access control (MAC) message ." 

Aura teaches the use of various global identifiers, including home IP, MAC 
address or GSM IMSI, to identify misuse of the mobile access network and to function 
as a trust parameter for secure transmission (Col. 13, lines 38 - 67). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to modify the method in Barriga-Caceres et al. to include digital 
identifiers, as taught by Aura, to secure the transmission between two nodes. 

With respect to Claim 37, Barriga-Caceres et al. teaches all of the limitations in 
Claim 33 as discussed above. Barriga-Caceres et al. further teaches the second 
response message includes an authentication reply message (Fig. 5B, step C-513, Fig. 
50, steps C-25 or C-29). 

Barriga-Caceres et al. does not explicitly teach " when the selected authentication 
mode is a digital certificate based authentication mode , the second response message 
includes an authentication reply message." 

Aura teaches the use of various global identifiers, including home IP, MAC 
address or GSM IMSI, to identify misuse of the mobile access network and to function 
as a trust parameter for secure transmission (Col. 13, lines 38 - 67). 
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It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to modify the method in Barriga-Caceres et al. to include digital 
identifiers, as taught by Aura, to secure the transmission between two nodes. 

With respect to Claim 38, Barriga-Caceres et al. teaches all of the limitations in 
Claim 33 as discussed above. Barriga-Caceres et al. further teaches wherein the 
second response message is a privacy key management response (PKM-RSP) 
message (Fig. 5B, step C-505 and Paragraph [0101]). 

Barriga-Caceres et al. does not explicitly teach "wherein the second response 
message is a privacy key management response (PKM-RSP) message included in a 
medium access control (MAC) message ." 

Aura teaches the use of various global identifiers, including home IP, MAC 
address or GSM IMSI, to identify misuse of the mobile access network and to function 
as a trust parameter for secure transmission (Col. 13, lines 38 - 67). 

It would have been obvious to one of ordinary skill in the art at the time of the 
invention was made to modify the method in Barriga-Caceres et al. to include digital 
identifiers, as taught by Aura, to secure the transmission between two nodes. 

Conclusion 

Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
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§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to STAMFORD HWANG whose telephone number is 
(571)270-5578. The examiner can normally be reached on Monday ~ Friday 9:00AM 
ET~ 6:00PM ET. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Charles Appiah can be reached on (571)272-7904. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 



Application/Control Number: 1 0/578,1 1 3 Page 1 8 

Art Unit: 2617 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/S.H./ 



/Charles N. Appiah/ 

Supervisory Patent Examiner, Art Unit 2617 



